zeek September 2005

zeek@lists.zeek.org

16 participants
30 discussions

by Mike Muratet

Greetings I am integrating bro into a larger system so that I can use it to keep track of connections (which seems easier than trying to write a method from scratch with pcap). I thought it would be straightforward to grep for print or email or alarm statements to figure out where to put the hooks for an IPC message but so far it eludes me. Is there a principal module for outputting the notifications? Thanks Mike

13 years, 8 months

[Bro] Bro Binary without debugging symbols

by nuno romano

Well,the bro0.9 binary after being stripped down, without debugging symbols is now approximately 1.8 Mb(1839856).Does this have any significant positive impact in terms of performance of bro? Thanks. __________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com

15 years, 7 months

[Bro] Bro0.9Binary(22Mb)-Continued

by nuno romano

185096 2005-09-27 15:17 bro-0.9a9/src/Active.o 535720 2005-09-27 15:18 bro-0.9a9/src/Anon.o 437748 2005-09-27 15:18 bro-0.9a9/src/Attr.o 572236 2005-09-27 15:18 bro-0.9a9/src/BackDoor.o 510424 2005-09-27 15:18 bro-0.9a9/src/Base64.o 18936 2005-09-27 15:14 bro-0.9a9/src/bif_arg.o 53240 2005-09-27 15:14 bro-0.9a9/src/bif_lex.o 118052 2005-09-27 15:14 bro-0.9a9/src/bif_parse.o 31104 2005-09-27 15:18 bro-0.9a9/src/BPF_Program.o 100564 2005-09-27 15:18 bro-0.9a9/src/BroString.o 112744 2005-09-27 15:18 bro-0.9a9/src/CCL.o 389612 2005-09-27 15:19 bro-0.9a9/src/ChunkedIO.o 209448 2005-09-27 15:19 bro-0.9a9/src/CompHash.o 560240 2005-09-27 15:19 bro-0.9a9/src/ConnCompressor.o 616356 2005-09-27 15:19 bro-0.9a9/src/Conn.o 23896 2005-09-27 15:43 bro-0.9a9/src/cq.o 321312 2005-09-27 15:21 bro-0.9a9/src/DbgBreakpoint.o 254632 2005-09-27 15:21 bro-0.9a9/src/DbgHelp.o 257400 2005-09-27 15:21 bro-0.9a9/src/DbgWatch.o 530768 2005-09-27 15:20 bro-0.9a9/src/DCE_RPC.o 562916 2005-09-27 15:22 bro-0.9a9/src/DebugCmds.o 900 2005-09-27 15:22 bro-0.9a9/src/DebugLogger.o 462172 2005-09-27 15:21 bro-0.9a9/src/Debug.o 149524 2005-09-27 15:22 bro-0.9a9/src/Desc.o 161648 2005-09-27 15:20 bro-0.9a9/src/DFA.o 97140 2005-09-27 15:22 bro-0.9a9/src/Dict.o 464444 2005-09-27 15:22 bro-0.9a9/src/Discard.o 519304 2005-09-27 15:20 bro-0.9a9/src/DNS_Mgr.o 601924 2005-09-27 15:20 bro-0.9a9/src/DNS.o 38236 2005-09-27 15:22 bro-0.9a9/src/EquivClass.o 445972 2005-09-27 15:22 bro-0.9a9/src/EventHandler.o 441308 2005-09-27 15:22 bro-0.9a9/src/Event.o 452860 2005-09-27 15:23 bro-0.9a9/src/EventRegistry.o 1105264 2005-09-27 15:24 bro-0.9a9/src/Expr.o 483528 2005-09-27 15:24 bro-0.9a9/src/File.o 656956 2005-09-27 15:24 bro-0.9a9/src/Finger.o 486592 2005-09-27 15:25 bro-0.9a9/src/Frag.o 287664 2005-09-27 15:25 bro-0.9a9/src/Frame.o 665456 2005-09-27 15:24 bro-0.9a9/src/FTP.o 1317696 2005-09-27 15:26 bro-0.9a9/src/Func.o 583116 2005-09-27 15:26 bro-0.9a9/src/Gnutella.o 67572 2005-09-27 15:27 bro-0.9a9/src/Hash.o 858788 2005-09-27 15:27 bro-0.9a9/src/HTTP.o 560364 2005-09-27 15:27 bro-0.9a9/src/ICMP.o 663000 2005-09-27 15:28 bro-0.9a9/src/Ident.o 487228 2005-09-27 15:27 bro-0.9a9/src/ID.o 544068 2005-09-27 15:28 bro-0.9a9/src/InterConn.o 15816 2005-09-27 15:28 bro-0.9a9/src/IntSet.o 84320 2005-09-27 15:28 bro-0.9a9/src/IOSource.o 34556 2005-09-27 15:28 bro-0.9a9/src/List.o 150512 2005-09-27 15:28 bro-0.9a9/src/Logger.o 552384 2005-09-27 15:28 bro-0.9a9/src/Login.o 636440 2005-09-27 15:15 bro-0.9a9/src/main.o 8648 2005-09-27 15:43 bro-0.9a9/src/md5.o 672692 2005-09-27 15:29 bro-0.9a9/src/MIME.o 50164 2005-09-27 15:43 bro-0.9a9/src/nb_dns.o 555256 2005-09-27 15:31 bro-0.9a9/src/NetbiosSSN.o 678696 2005-09-27 15:30 bro-0.9a9/src/Net.o 44380 2005-09-27 15:15 bro-0.9a9/src/net_util.o 400420 2005-09-27 15:31 bro-0.9a9/src/NetVar.o 150108 2005-09-27 15:29 bro-0.9a9/src/NFA.o 539828 2005-09-27 15:29 bro-0.9a9/src/NFS.o 528208 2005-09-27 15:29 bro-0.9a9/src/NTP.o 560008 2005-09-27 15:30 bro-0.9a9/src/NVT.o 431392 2005-09-27 15:31 bro-0.9a9/src/Obj.o 282228 2005-09-27 15:31 bro-0.9a9/src/OSFinger.o 195284 2005-09-27 15:31 bro-0.9a9/src/PacketFilter.o 572180 2005-09-27 15:32 bro-0.9a9/src/PacketSort.o 677384 2005-09-27 15:16 bro-0.9a9/src/parse.o 43892 2005-09-27 15:43 bro-0.9a9/src/patricia.o 573244 2005-09-27 15:32 bro-0.9a9/src/PersistenceSerializer.o 519740 2005-09-27 15:32 bro-0.9a9/src/PktSrc.o 343024 2005-09-27 15:32 bro-0.9a9/src/PolicyFile.o 547448 2005-09-27 15:33 bro-0.9a9/src/Portmap.o 195284 2005-09-27 15:33 bro-0.9a9/src/PrefixTable.o 32912 2005-09-27 15:33 bro-0.9a9/src/PriorityQueue.o 30744 2005-09-27 15:33 bro-0.9a9/src/Queue.o 419148 2005-09-27 15:34 bro-0.9a9/src/Reassem.o 587932 2005-09-27 15:34 bro-0.9a9/src/RemoteSerializer.o 467072 2005-09-27 15:33 bro-0.9a9/src/RE.o 129760 2005-09-27 15:17 bro-0.9a9/src/re-parse.o 139864 2005-09-27 15:17 bro-0.9a9/src/re-scan.o 528660 2005-09-27 15:34 bro-0.9a9/src/Rlogin.o 545552 2005-09-27 15:33 bro-0.9a9/src/RPC.o 531620 2005-09-27 15:34 bro-0.9a9/src/RSH.o 514356 2005-09-27 15:35 bro-0.9a9/src/RuleAction.o 531292 2005-09-27 15:35 bro-0.9a9/src/RuleCondition.o 603136 2005-09-27 15:35 bro-0.9a9/src/RuleMatcher.o 513972 2005-09-27 15:35 bro-0.9a9/src/Rule.o 534192 2005-09-27 15:17 bro-0.9a9/src/rule-parse.o 527328 2005-09-27 15:17 bro-0.9a9/src/rule-scan.o 353096 2005-09-27 15:16 bro-0.9a9/src/scan.o 234132 2005-09-27 15:37 bro-0.9a9/src/Scope.o 279680 2005-09-27 15:36 bro-0.9a9/src/ScriptAnaly.o 432560 2005-09-27 15:37 bro-0.9a9/src/SerializationFormat.o 661068 2005-09-27 15:37 bro-0.9a9/src/Serializer.o 496084 2005-09-27 15:37 bro-0.9a9/src/SerialObj.o 754244 2005-09-27 15:38 bro-0.9a9/src/Sessions.o 13504 2005-09-27 15:43 bro-0.9a9/src/setsignal.o 563256 2005-09-27 15:36 bro-0.9a9/src/SMB.o 723116 2005-09-27 15:36 bro-0.9a9/src/SMTP.o 518580 2005-09-27 15:36 bro-0.9a9/src/SSH.o 75564 2005-09-27 15:44 bro-0.9a9/src/SSLCiphers.o 559924 2005-09-27 15:44 bro-0.9a9/src/SSLInterpreter.o 561824 2005-09-27 15:44 bro-0.9a9/src/SSLProxy.o 564244 2005-09-27 15:44 bro-0.9a9/src/SSLv2.o 102900 2005-09-27 15:45 bro-0.9a9/src/SSLv3Automaton.o 598860 2005-09-27 15:45 bro-0.9a9/src/SSLv3.o 498496 2005-09-27 15:38 bro-0.9a9/src/StateAccess.o 549704 2005-09-27 15:38 bro-0.9a9/src/Stats.o 541444 2005-09-27 15:39 bro-0.9a9/src/SteppingStone.o 659508 2005-09-27 15:39 bro-0.9a9/src/Stmt.o 1886 2005-09-27 15:43 bro-0.9a9/src/strsep.o 579128 2005-09-27 15:40 bro-0.9a9/src/TCP_Contents.o 693992 2005-09-27 15:40 bro-0.9a9/src/TCP_Endpoint.o 759128 2005-09-27 15:40 bro-0.9a9/src/TCP.o 1044548 2005-09-27 15:41 bro-0.9a9/src/TCP_Rewriter.o 513536 2005-09-27 15:41 bro-0.9a9/src/Telnet.o 430248 2005-09-27 15:41 bro-0.9a9/src/Timer.o 256136 2005-09-27 15:41 bro-0.9a9/src/Traverse.o 634040 2005-09-27 15:42 bro-0.9a9/src/Type.o 528056 2005-09-27 15:42 bro-0.9a9/src/UDP.o 20572 2005-09-27 15:15 bro-0.9a9/src/util.o 888688 2005-09-27 15:43 bro-0.9a9/src/Val.o 470688 2005-09-27 15:43 bro-0.9a9/src/Var.o 1628 2005-09-27 15:43 bro-0.9a9/src/version.o 525508 2005-09-27 15:44 bro-0.9a9/src/X509.o 32240 2005-09-27 15:43 bro-0.9a9/src/XDR.o __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com

15 years, 7 months

[Bro] [Fwd: Fwd: [TWiki-Announce] Security Alert: TWiki INCLUDE function allows arbitrary shell commandexecution]

by Jim Mellander

I know the Bro twiki was patched recently, but it looks like another round of patching is appropriate. -------- Original Message -------- Subject: Fwd: [TWiki-Announce] Security Alert: TWiki INCLUDE function allows arbitrary shell commandexecution Date: Wed, 28 Sep 2005 07:35:36 -0700 From: Computer Incident Advisory Capability <ciac(a)ciac.org> To: JMellander(a)lbl.gov CC: ciac(a)ciac.org, cppm(a)lbl.gov Jim, FYI, Thought I would pass this along. We may put out a bulletin, but it won't be for another four hours or so. Do you already subscribe to this list? Julie Driscoll ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Computer Incident Advisory Capability (CIAC) U. S. Department of Energy 866-901-CIAC or 925-422-8193 ciac(a)ciac.org ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) >X-Accept-Language: en >To: twiki-announce(a)lists.sourceforge.net, twiki-dev(a)lists.sourceforge.net >Cc: twiki-security(a)lists.sourceforge.net >X-Spam-Score: 1.1 (+) >X-Spam-Report: Spam Filtering performed by sourceforge.net. > See http://spamassassin.org/tag/ for more details. > Report problems to > http://sf.net/tracker/?func=add&group_id=1&atid=200001 > 1.0 FORGED_RCVD_HELO Received: contains a forged HELO > 0.0 SF_CHICKENPOX_PERIOD BODY: Text interparsed with . > 0.0 SF_CHICKENPOX_SLASH BODY: Text interparsed with / > 0.0 SF_CHICKENPOX_MINUS BODY: Text interparsed with - > 0.0 SF_CHICKENPOX_COLON BODY: Text interparsed with : > 0.0 SF_CHICKENPOX_UNDERSCORE BODY: Text interparsed with _ > 0.0 SF_CHICKENPOX_GREATERTHAN BODY: Text interparsed with > > 0.0 SF_CHICKENPOX_AT BODY: Text interparsed with @ > 0.0 SF_CHICKENPOX_APOSTROPHE BODY: Text interparsed with ' >From: twiki-announce-admin(a)lists.sourceforge.net >Reply-To: twiki-announce(a)lists.sourceforge.net >Subject: [TWiki-Announce] Security Alert: TWiki INCLUDE function allows >arbitrary shell > commandexecution >Sender: twiki-announce-admin(a)lists.sourceforge.net >X-BeenThere: twiki-announce(a)lists.sourceforge.net >X-Mailman-Version: 2.0.9-sf.net >List-Unsubscribe: ><https://lists.sourceforge.net/lists/listinfo/twiki-announce>, > ><mailto:twiki-announce-request@lists.sourceforge.net?subject=unsubscribe> >List-Id: TWiki announcement list - security update and release notices >(low volume) <twiki-announce.lists.sourceforge.net> >List-Post: <mailto:twiki-announce@lists.sourceforge.net> >List-Help: <mailto:twiki-announce-request@lists.sourceforge.net?subject=help> >List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/twiki-announce>, > ><mailto:twiki-announce-request@lists.sourceforge.net?subject=subscribe> >List-Archive: ><http://sourceforge.net/mailarchive/forum.php?forum=twiki-announce> >Date: Tue, 27 Sep 2005 22:48:27 -0700 >X-Scanned-By: MIMEDefang 2.39 > >Dear TWiki Administrator, > >This advisory alerts you of a potential security issue with your >TWiki installation: The TWiki INCLUDE function allows arbitrary >shell command execution. The permanent place for this advisory is >http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude >where you can see updates and follow-ups. > >If you do not use TWiki, please ignore this e-mail. If you don't >administer your TWiki site, or started a site now administered by >someone else, please pass it to the current TWiki site administrator. > >Please see also unrelated security audit on visible lib directories, >http://twiki.org/cgi-bin/view/Codev/SecurityAuditOnVisibleLibDir > >Table of Contents: > > * Vulnerable Software Version > * Attack Vectors > * Impact > * MITRE Name for this Vulnerability > * Details > * Countermeasures > * Authors and Credits > * Hotfix > * Patch for TWiki Production Release 03-Sep-2004 > * Patch for TWiki Production Release 02-Sep-2004 > * Patch for TWiki Production Release 01-Feb-2003 > * TWiki News > > >---++ Vulnerable Software Version > > * TWikiRelease03Sep2004[2] -- TWiki20040903.zip > * TWikiRelease02Sep2004[3] -- TWiki20040902.zip > * TWikiRelease01Sep2004[4] -- TWiki20040901.zip > * TWikiRelease01Feb2003[5] -- TWiki20030201.zip > >Not affected are: > * Recent DakarReleases[6] (upcoming production release, soon) > * TWikiRelease01Sep2004 patched with Florian Weimer's > UncoordinatedSecurityAlert23Feb2005[7] > > >---++ Attack Vectors > >Editing wiki pages and HTTP GET requests towards the Wiki server >(typically port 80/TCP). Typically, prior authentication is >necessary (including anonymous TWikiGuest accounts). > > >---++ Impact > >An attacker is able to execute arbitrary shell commands with the >privileges of the web server process, such as user nobody. > > >---++ MITRE Name for this Vulnerability > >The Common Vulnerabilities and Exposures project has assigned the >name CAN-2005-3056 to this vulnerability. > > >---++ Details > >The TWiki INCLUDE function enables a malicious user to compose a >command line executed by the Perl backtick (``) operator. > >The rev parameter of the INCLUDE variable is not checked properly >for shell metacharacters and is thus vulnerable to revision >numbers containing pipes and shell commands. The exploit is >possible on included topics with two or more revisions. > >Example INCLUDE variable exploiting the rev parameter: >%INCLUDE{ "Main.TWikiUsers" rev="2|less /etc/passwd" }% > >The same vulnerability is exposed to all Plugins and add-ons that >use TWiki::Func::readTopicText[8] function to read a previous topic >revision. This has been tested on TWiki:Plugins.RevCommentPlugin[9] >and TWiki:Plugins.CompareRevisionsAddon[10]. > >If access to TWiki is not restricted by other means, attackers can >use the revision function with or without prior authentication, >depending on the configuration. > >See Also: > * IncludePreviousTopicRevision[11] > * SecurityAlertExecuteCommandsWithRev[12] > * SecurityAlertExecuteCommandsWithSearch[13] > * UncoordinatedSecurityAlert23Feb2005[7] > > >---++ Countermeasures > > * Apply hotfix (see patches below) > * NOTE: The hotfix is known to prevent the current attacks, > but it might not be a complete fix > * Upgrade to the latest patched production TWikiRelease04Sep2004[1] > * NOTE: If you are running an *unmodified* > TWikiRelease01Sep2004[4], TWikiRelease02Sep2004[3] or > TWikiRelease03Sep2004[2], simply copy the following patched > files from TWikiRelease04Sep2004 to your installation: > lib/TWiki.pm, lib/TWiki/Store.pm, lib/TWiki/UI/RDiff.pm, > lib/TWiki/UI/View.pm, lib/TWiki/UI/Viewfile.pm > * Apply patch of UncoordinatedSecurityAlert23Feb2005[7] (but see > known issues of that patch) > * Filter access to the web server > * Use the web server software to restrict access to the web pages > served by TWiki > >---++ Authors and Credits > > * Credit to TWiki:Main.JChristophFuchs (jcf(a)ipp.mpg.de) and > TWiki:Main.JoseLuna (luna(a)aditel.org) for disclosing the issue > to the twiki-security(a)lists.sourceforge.net mailing list > * TWiki:Main.JoseLuna for contributing a more robust patch to > recent SecurityAlertExecuteCommandsWithRev[12] issue (included > in this patch) > * TWiki:Main.PeterThoeny, TWiki:Main.JoseLuna, > TWiki:Main.CrawfordCurrie for contributing to the advisory and > the patch > > >---++ Hotfix > >---+++ Patch for TWiki Production Release 03-Sep-2004 > >Affected files: twiki/lib/TWiki.pm, twiki/lib/TWiki/Store.pm, >lib/TWiki/UI/RDiff.pm, lib/TWiki/UI/View.pm, >lib/TWiki/UI/Viewfile.pm > >See attached patch file TWiki200409-03-04patch.txt > > >---+++ Patch for TWiki Production Release 02-Sep-2004 > >Affected files: twiki/lib/TWiki.pm, twiki/lib/TWiki/Store.pm, >lib/TWiki/UI/RDiff.pm, lib/TWiki/UI/View.pm, >lib/TWiki/UI/Viewfile.pm > >See attached patch file TWiki200409-02-04patch.txt > > >---+++ Patch for TWiki Production Release 01-Feb-2003 > >__Note:__ This assumes that the release is already patched with >SecurityAlertExecuteCommandsWithRev[12] fix. > >Affected files: twiki/lib/TWiki/Store.pm, twiki/bin/rdiff, >twiki/bin/view, twiki/bin/viewfil= > >See attached patch file TWiki200302-01-04patch.txt > > >---++ TWiki News > > * A new TWiki release is upcoming soon, code named DakarRelease[6] > * To customize your TWiki installation, TWiki.org offers now > 177 Plugin packages[14], 56 Add-on packages[15], 30 Skin > packages[16], and 11 TWiki contrib packages [17] > * Codev.TWikiSecurityAlertProcess[18] documents our security > process > * Wikis and TWiki get covered more my the press[19] > * TWiki is represented at the International Symposium on Wikis[20] > in San Diego, 17-18 Oct 2005 > * A new book on Wikis in the Workplace is in work[21] > >Best regards, >Peter > > >[1]: http://twiki.org/cgi-bin/view/Codev/TWikiRelease04Sep2004 >[2]: http://twiki.org/cgi-bin/view/Codev/TWikiRelease03Sep2004 >[3]: http://twiki.org/cgi-bin/view/Codev/TWikiRelease02Sep2004 >[4]: http://twiki.org/cgi-bin/view/Codev/TWikiRelease01Sep2004 >[5]: http://twiki.org/cgi-bin/view/Codev/TWikiRelease01Feb2003 >[6]: http://twiki.org/cgi-bin/view/Codev/DakarReleases >[7]: http://twiki.org/cgi-bin/view/Codev/UncoordinatedSecurityAlert23Feb2005 >[8]: http://twiki.org/cgi-bin/view/TWiki/TWikiFuncModule >[9]: http://twiki.org/cgi-bin/view/Plugins/RevCommentPlugin >[10]: http://twiki.org/cgi-bin/view/Plugins/CompareRevisionsAddon >[11]: http://twiki.org/cgi-bin/view/Codev/IncludePreviousTopicRevision >[12]: http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev >[13]: >http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch >[14]: http://twiki.org/cgi-bin/view/Plugins/PluginPackage >[15]: http://twiki.org/cgi-bin/view/Plugins/AddOnPackage >[16]: http://twiki.org/cgi-bin/view/Plugins/SkinPackage >[17]: http://twiki.org/cgi-bin/view/Plugins/ContribPackage >[18]: http://twiki.org/cgi-bin/view/Codev/TWikiSecurityAlertProcess >[19]: http://twiki.org/cgi-bin/view/Codev/TWikiInTheNews >[20]: http://twiki.org/cgi-bin/view/Codev/InternationalSymposiumOnWikis >[21]: http://twiki.org/cgi-bin/view/Codev/WikisInTheWorkplaceBook > > >-- > * Peter Thoeny Peter(a)Thoeny.com > * Is your team already TWiki enabled? http://TWiki.org > * This e-mail is: (x) public (_) ask first (_) private >--- ../rel20040903/TWikiDocumentation.html Fri Sep 9 18:09:15 2005 >+++ ./TWikiDocumentation.html Tue Sep 20 16:32:36 2005 >@@ -1,7 +1,7 @@ > <html><head> > <title>TWikiDocumentation</title> > </head><body bgcolor="#ffffff"> >-<h1><a name="TWiki_Reference_Manual_03_Sep_20"> </a><a >name="_TWiki_Reference_Manual_03_Sep_2"> </a> TWiki Reference Manual (03 >Sep 2004 $Rev: 1742 $) </h1> >+<h1><a name="TWiki_Reference_Manual_04_Sep_20"> </a><a >name="_TWiki_Reference_Manual_04_Sep_2"> </a> TWiki Reference Manual (04 >Sep 2004 $Rev: 1742 $) </h1> > <p /> > <script type="text/javascript"> > <!-- >@@ -3816,7 +3816,7 @@ > </li> > </ul> > <p /> >-This version of TWiki - 03 Sep 2004 $Rev: 1742 $ - expands the following >variables (enclosed in <code><b>%</b></code> percent signs): >+This version of TWiki - 04 Sep 2004 $Rev: 1742 $ - expands the following >variables (enclosed in <code><b>%</b></code> percent signs): > <p /> > <p /> > <p /> >@@ -4627,7 +4627,7 @@ > <ul> > <li> Syntax: <code>%WIKIVERSION%</code> > </li> >-<li> Expands to: <code>03 Sep 2004 $Rev: 1742 $</code> >+<li> Expands to: <code>04 Sep 2004 $Rev: 1742 $</code> > </li> > <li> Related: <a class="twikiAnchorLink" > href="#VarPLUGINVERSION">PLUGINVERSION</a>, <a class="twikiAnchorLink" > href="#VarWIKITOOLNAME">WIKITOOLNAME</a> > </li> >--- ../rel20040903/license.txt Fri Sep 9 18:04:46 2005 >+++ ./license.txt Tue Sep 20 16:33:21 2005 >@@ -1,4 +1,4 @@ >-Copyright and License of TWiki, 03 Sep 2004 >+Copyright and License of TWiki, 04 Sep 2004 > ------------------------------------------- > > TWiki (TM) is copyrighted (C) 1999-2004 by Peter Thoeny, >--- ../rel20040903/readme.txt Fri Sep 9 18:05:03 2005 >+++ ./readme.txt Tue Sep 20 16:33:01 2005 >@@ -5,7 +5,7 @@ > TWiki Distribution > ------------------ > >-Version: 03 Sep 2004 $Rev: 1742 $ >+Version: 04 Sep 2004 $Rev: 1742 $ > Release type: Production release > > This version is TWiki Release 01-Sep-2004 patched for >--- ../rel20040903/lib/TWiki.pm Fri Sep 9 18:01:49 2005 >+++ ./lib/TWiki.pm Tue Sep 20 16:34:03 2005 >@@ -154,7 +154,7 @@ > > # =========================== > # TWiki version: >-$wikiversion = '03 Sep 2004 $Rev: 1742 $'; >+$wikiversion = '04 Sep 2004 $Rev: 1742 $'; > > # =========================== > # Key Global variables, required for writeDebug >--- ../rel20040903/lib/TWiki/Store.pm Thu Sep 8 21:30:44 2005 >+++ ./lib/TWiki/Store.pm Tue Sep 20 16:46:05 2005 >@@ -451,7 +451,9 @@ > my( $theWeb, $theTopic, $theRev ) = @_; > my $topicHandler = _getTopicHandler( $theWeb, $theTopic ); > >- $theRev =~ s/^1\.//o; >+ $theRev =~ s/^r?1\.//o; >+ # Fix for Codev.SecurityAlertExecuteCommandsWithInclude >+ $theRev = "" unless( $theRev =~ s/^.*?([0-9]+).*$/$1/so ); > return $topicHandler->getRevision( $theRev ); > } > >@@ -468,7 +470,9 @@ > my ( $theWeb, $theTopic, $theAttachment, $theRev ) = @_; > > my $topicHandler = _getTopicHandler( $theWeb, $theTopic, > $theAttachment ); >- $theRev =~ s/^1\.//o; >+ $theRev =~ s/^r?1\.//o; >+ # Fix for Codev.SecurityAlertExecuteCommandsWithInclude >+ $theRev = "" unless( $theRev =~ s/^.*?([0-9]+).*$/$1/so ); > return $topicHandler->getRevision( $theRev ); > } > >@@ -574,7 +578,7 @@ > $theRev = "" unless( $theRev ); > $theRev =~ s/r?1\.//o; # cut 'r' and major > # Fix for Codev.SecurityAlertExecuteCommandsWithRev >- $theRev = "" unless( $theRev =~ s/.*?([0-9]+).*/$1/o ); >+ $theRev = "" unless( $theRev =~ s/^.*?([0-9]+).*$/$1/so ); > > $topicHandler = _getTopicHandler( $theWebName, $theTopic, > $attachment ) if( ! $topicHandler ); > my( $rcsOut, $rev, $date, $user, $comment ) = > $topicHandler->getRevisionInfo( $theRev ); >--- ../rel20040903/lib/TWiki/UI/RDiff.pm Thu Sep 8 21:33:13 2005 >+++ ./lib/TWiki/UI/RDiff.pm Tue Sep 20 16:41:08 2005 >@@ -410,8 +410,8 @@ > $rev1 =~ s/r?1\.//go; # cut 'r' and major > $rev2 =~ s/r?1\.//go; # cut 'r' and major > # Fix for Codev.SecurityAlertExecuteCommandsWithRev >- $rev1 = $maxrev unless( $rev1 =~ s/.*?([0-9]+).*/$1/o ); >- $rev2 = $maxrev unless( $rev2 =~ s/.*?([0-9]+).*/$1/o ); >+ $rev1 = $maxrev unless( $rev1 =~ s/^.*?([0-9]+).*$/$1/so ); >+ $rev2 = $maxrev unless( $rev2 =~ s/^.*?([0-9]+).*$/$1/so ); > if( $rev1 < 1 ) { $rev1 = $maxrev; } > if( $rev1 > $maxrev ) { $rev1 = $maxrev; } > if( $rev2 < 1 ) { $rev2 = 1; } >--- ../rel20040903/lib/TWiki/UI/View.pm Thu Sep 8 21:34:52 2005 >+++ ./lib/TWiki/UI/View.pm Tue Sep 20 16:42:24 2005 >@@ -108,7 +108,7 @@ > if( $rev ) { > $rev =~ s/r?1\.//go; # cut 'r' and major > # Fix for Codev.SecurityAlertExecuteCommandsWithRev >- $rev = $maxrev unless( $rev =~ s/.*?([0-9]+).*/$1/o ); >+ $rev = $maxrev unless( $rev =~ s/^.*?([0-9]+).*$/$1/so ); > if( $rev < 1 ) { $rev = 1; } > if( $rev > $maxrev ) { $rev = $maxrev; } > } else { >--- ../rel20040903/lib/TWiki/UI/Viewfile.pm Thu Sep 8 21:35:59 2005 >+++ ./lib/TWiki/UI/Viewfile.pm Tue Sep 20 16:41:51 2005 >@@ -45,7 +45,7 @@ > my $rev = $query->param( 'rev' ) || ""; > $rev =~ s/r?1\.//o; # cut 'r' and major > # Fix for Codev.SecurityAlertExecuteCommandsWithRev >- $rev = "" unless( $rev =~ s/.*?([0-9]+).*/$1/o ); >+ $rev = "" unless( $rev =~ s/^.*?([0-9]+).*$/$1/so ); > > return unless TWiki::UI::webExists( $webName, $topic ); > > >--- ../rel20040902/TWikiDocumentation.html Tue Aug 31 09:35:18 2004 >+++ ./TWikiDocumentation.html Tue Sep 20 16:32:36 2005 >@@ -1,7 +1,7 @@ > <html><head> > <title>TWikiDocumentation</title> > </head><body bgcolor="#ffffff"> >-<h1><a name="TWiki_Reference_Manual_01_Sep_20"> </a><a >name="_TWiki_Reference_Manual_01_Sep_2"> </a> TWiki Reference Manual (01 >Sep 2004 $Rev: 1742 $) </h1> >+<h1><a name="TWiki_Reference_Manual_04_Sep_20"> </a><a >name="_TWiki_Reference_Manual_04_Sep_2"> </a> TWiki Reference Manual (04 >Sep 2004 $Rev: 1742 $) </h1> > <p /> > <script type="text/javascript"> > <!-- >@@ -3816,7 +3816,7 @@ > </li> > </ul> > <p /> >-This version of TWiki - 01 Sep 2004 $Rev: 1742 $ - expands the following >variables (enclosed in <code><b>%</b></code> percent signs): >+This version of TWiki - 04 Sep 2004 $Rev: 1742 $ - expands the following >variables (enclosed in <code><b>%</b></code> percent signs): > <p /> > <p /> > <p /> >@@ -4627,7 +4627,7 @@ > <ul> > <li> Syntax: <code>%WIKIVERSION%</code> > </li> >-<li> Expands to: <code>01 Sep 2004 $Rev: 1742 $</code> >+<li> Expands to: <code>04 Sep 2004 $Rev: 1742 $</code> > </li> > <li> Related: <a class="twikiAnchorLink" > href="#VarPLUGINVERSION">PLUGINVERSION</a>, <a class="twikiAnchorLink" > href="#VarWIKITOOLNAME">WIKITOOLNAME</a> > </li> >@@ -9836,4 +9836,4 @@ > </li> > </ul> > <p /> >-</body></html> >+</body></html> >--- ../rel20040902/license.txt Fri Nov 19 21:31:10 2004 >+++ ./license.txt Tue Sep 20 16:33:21 2005 >@@ -1,4 +1,4 @@ >-Copyright and License of TWiki, 02 Sep 2004 >+Copyright and License of TWiki, 04 Sep 2004 > ------------------------------------------- > > TWiki (TM) is copyrighted (C) 1999-2004 by Peter Thoeny, >--- ../rel20040902/readme.txt Fri Nov 19 21:37:33 2004 >+++ ./readme.txt Tue Sep 20 16:33:01 2005 >@@ -5,7 +5,7 @@ > TWiki Distribution > ------------------ > >-Version: 02 Sep 2004 $Rev: 1742 $ >+Version: 04 Sep 2004 $Rev: 1742 $ > Release type: Production release > > This version is TWiki Release 01-Sep-2004 patched for >--- ../rel20040902/lib/TWiki.pm Fri Nov 19 21:31:53 2004 >+++ ./lib/TWiki.pm Tue Sep 20 16:34:03 2005 >@@ -154,7 +154,7 @@ > > # =========================== > # TWiki version: >-$wikiversion = '02 Sep 2004 $Rev: 1742 $'; >+$wikiversion = '04 Sep 2004 $Rev: 1742 $'; > > # =========================== > # Key Global variables, required for writeDebug >--- ../rel20040902/lib/TWiki/Store.pm Thu Jul 22 01:43:40 2004 >+++ ./lib/TWiki/Store.pm Tue Sep 20 16:46:05 2005 >@@ -451,7 +451,9 @@ > my( $theWeb, $theTopic, $theRev ) = @_; > my $topicHandler = _getTopicHandler( $theWeb, $theTopic ); > >- $theRev =~ s/^1\.//o; >+ $theRev =~ s/^r?1\.//o; >+ # Fix for Codev.SecurityAlertExecuteCommandsWithInclude >+ $theRev = "" unless( $theRev =~ s/^.*?([0-9]+).*$/$1/so ); > return $topicHandler->getRevision( $theRev ); > } > >@@ -468,7 +470,9 @@ > my ( $theWeb, $theTopic, $theAttachment, $theRev ) = @_; > > my $topicHandler = _getTopicHandler( $theWeb, $theTopic, > $theAttachment ); >- $theRev =~ s/^1\.//o; >+ $theRev =~ s/^r?1\.//o; >+ # Fix for Codev.SecurityAlertExecuteCommandsWithInclude >+ $theRev = "" unless( $theRev =~ s/^.*?([0-9]+).*$/$1/so ); > return $topicHandler->getRevision( $theRev ); > } > >@@ -572,7 +576,9 @@ > } > > $theRev = "" unless( $theRev ); >- $theRev =~ s/^1\.//o; >+ $theRev =~ s/r?1\.//o; # cut 'r' and major >+ # Fix for Codev.SecurityAlertExecuteCommandsWithRev >+ $theRev = "" unless( $theRev =~ s/^.*?([0-9]+).*$/$1/so ); > > $topicHandler = _getTopicHandler( $theWebName, $theTopic, > $attachment ) if( ! $topicHandler ); > my( $rcsOut, $rev, $date, $user, $comment ) = > $topicHandler->getRevisionInfo( $theRev ); >--- ../rel20040902/lib/TWiki/UI/RDiff.pm Sun Aug 8 01:28:45 2004 >+++ ./lib/TWiki/UI/RDiff.pm Tue Sep 20 16:41:08 2005 >@@ -409,6 +409,9 @@ > if( ! $rev2 ) { $rev2 = 0; } > $rev1 =~ s/r?1\.//go; # cut 'r' and major > $rev2 =~ s/r?1\.//go; # cut 'r' and major >+ # Fix for Codev.SecurityAlertExecuteCommandsWithRev >+ $rev1 = $maxrev unless( $rev1 =~ s/^.*?([0-9]+).*$/$1/so ); >+ $rev2 = $maxrev unless( $rev2 =~ s/^.*?([0-9]+).*$/$1/so ); > if( $rev1 < 1 ) { $rev1 = $maxrev; } > if( $rev1 > $maxrev ) { $rev1 = $maxrev; } > if( $rev2 < 1 ) { $rev2 = 1; } >--- ../rel20040902/lib/TWiki/UI/View.pm Tue Aug 24 23:36:15 2004 >+++ ./lib/TWiki/UI/View.pm Tue Sep 20 16:42:24 2005 >@@ -107,6 +107,8 @@ > > if( $rev ) { > $rev =~ s/r?1\.//go; # cut 'r' and major >+ # Fix for Codev.SecurityAlertExecuteCommandsWithRev >+ $rev = $maxrev unless( $rev =~ s/^.*?([0-9]+).*$/$1/so ); > if( $rev < 1 ) { $rev = 1; } > if( $rev > $maxrev ) { $rev = $maxrev; } > } else { >--- ../rel20040902/lib/TWiki/UI/Viewfile.pm Fri May 28 23:51:35 2004 >+++ ./lib/TWiki/UI/Viewfile.pm Tue Sep 20 16:41:51 2005 >@@ -43,6 +43,9 @@ > > my $fileName = $query->param( 'filename' ); > my $rev = $query->param( 'rev' ) || ""; >+ $rev =~ s/r?1\.//o; # cut 'r' and major >+ # Fix for Codev.SecurityAlertExecuteCommandsWithRev >+ $rev = "" unless( $rev =~ s/^.*?([0-9]+).*$/$1/so ); > > return unless TWiki::UI::webExists( $webName, $topic ); > > >--- lib/TWiki/Store.pm.orig2 Thu Sep 8 23:10:58 2005 >+++ lib/TWiki/Store.pm Tue Sep 20 17:19:49 2005 >@@ -278,7 +278,9 @@ > my( $theWeb, $theTopic, $theRev ) = @_; > my $topicHandler = _getTopicHandler( $theWeb, $theTopic ); > >- $theRev =~ s/^1\.//o; >+ $theRev =~ s/^r?1\.//o; # cut 'r' and major >+ # Fix for Codev.SecurityAlertExecuteCommandsWithInclude >+ $theRev = "" unless( $theRev =~ s/^.*?([0-9]+).*$/$1/so ); > return $topicHandler->getRevision( $theRev ); > } > >@@ -288,7 +290,9 @@ > my ( $theWeb, $theTopic, $theAttachment, $theRev ) = @_; > > my $topicHandler = _getTopicHandler( $theWeb, $theTopic, > $theAttachment ); >- $theRev =~ s/^1\.//o; >+ $theRev =~ s/^r?1\.//o; # cut 'r' and major >+ # Fix for Codev.SecurityAlertExecuteCommandsWithInclude >+ $theRev = "" unless( $theRev =~ s/^.*?([0-9]+).*$/$1/so ); > return $topicHandler->getRevision( $theRev ); > } > >@@ -352,9 +356,9 @@ > $theWebName = $TWiki::webName; > } > >- $theRev =~ s/r?1\.//o; # cut 'r' and major >+ $theRev =~ s/^r?1\.//o; # cut 'r' and major > # Fix for Codev.SecurityAlertExecuteCommandsWithRev >- $theRev = "" unless( $theRev =~ s/.*?([0-9]+).*/$1/o ); >+ $theRev = "" unless( $theRev =~ s/^.*?([0-9]+).*$/$1/so ); > > $topicHandler = _getTopicHandler( $theWebName, $theTopic, > $attachment ) if( ! $topicHandler ); > my( $rcsOut, $rev, $date, $user, $comment ) = > $topicHandler->getRevisionInfo( $theRev ); >--- bin/rdiff.orig2 Thu Sep 8 23:18:05 2005 >+++ bin/rdiff Tue Sep 20 17:31:11 2005 >@@ -156,8 +156,8 @@ > $rev1 =~ s/r?1\.//go; # cut 'r' and major > $rev2 =~ s/r?1\.//go; # cut 'r' and major > # Fix for Codev.SecurityAlertExecuteCommandsWithRev >- $rev1 = $maxrev unless( $rev1 =~ s/.*?([0-9]+).*/$1/o ); >- $rev2 = $maxrev unless( $rev2 =~ s/.*?([0-9]+).*/$1/o ); >+ $rev1 = $maxrev unless( $rev1 =~ s/^.*?([0-9]+).*$/$1/so ); >+ $rev2 = $maxrev unless( $rev2 =~ s/^.*?([0-9]+).*$/$1/so ); > if( $rev1 < 1 ) { $rev1 = $maxrev; } > if( $rev1 > $maxrev ) { $rev1 = $maxrev; } > if( $rev2 < 1 ) { $rev2 = 1; } >--- bin/view.orig2 Thu Sep 8 23:13:47 2005 >+++ bin/view Tue Sep 20 17:31:33 2005 >@@ -124,7 +124,7 @@ > if( $rev ) { > $rev =~ s/r?1\.//go; # cut 'r' and major > # Fix for Codev.SecurityAlertExecuteCommandsWithRev >- $rev = $maxrev unless( $rev =~ s/.*?([0-9]+).*/$1/o ); >+ $rev = $maxrev unless( $rev =~ s/^.*?([0-9]+).*$/$1/so ); > if( $rev < 1 ) { $rev = 1; } > if( $rev > $maxrev ) { $rev = $maxrev; } > } else { >--- bin/viewfile.orig2 Thu Sep 8 23:14:54 2005 >+++ bin/viewfile Tue Sep 20 17:31:54 2005 >@@ -65,7 +65,7 @@ > my $rev = $query->param( 'rev' ) || ""; > $rev =~ s/r?1\.//o; # cut 'r' and major > # Fix for Codev.SecurityAlertExecuteCommandsWithRev >- $rev = "" unless( $rev =~ s/.*?([0-9]+).*/$1/o ); >+ $rev = "" unless( $rev =~ s/^.*?([0-9]+).*$/$1/so ); > my $topRev = &TWiki::Store::getRevisionNumber( $webName, $topic, > $fileName ); > > if( ( $rev ) && ( $rev ne $topRev ) ) { -- Jim Mellander Incident Response Manager Computer Protection Program Lawrence Berkeley National Laboratory (510) 486-7204 Your fortune for today is: It's currently a problem of access to gigabits through punybaud. -- J. C. R. Licklider

15 years, 7 months

[Bro] About Bro and splitting of the tcpdump trace

by He Haitao

Hi, I want to find a tool to split the captured trace (using tcpdump tool) into two parts: the normal sub-trace and the abnormal one which compising of network attacks detected, can the Bro do ? If not, any suggestion is perferred. Thanks a lot! Yours, He

15 years, 7 months

[Bro] Bro Binary(22Mb),configure run output

by nuno romano

I got a bro0.9 binary of 22Mb in Debian 3.1 PPC with a straightforward ./configure make.At first sight it seems a working binary.It responds to bro -v and bro -h.I did not try any further command.Below is the output of the configure run. checking build system type... powerpc-unknown-linux-gnu checking host system type... powerpc-unknown-linux-gnu checking target system type... powerpc-unknown-linux-gnu checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for gawk... gawk checking whether make sets ${MAKE}... yes checking for style of include used by make... GNU checking for gcc... gcc checking for C compiler default output... a.out checking whether the C compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking dependency style of gcc... gcc3 checking for flex... flex checking for flex... (cached) flex checking for yywrap in -lfl... yes checking lex output file root... lex.yy checking whether yytext is a pointer... yes checking for bison... bison -y checking for g++... g++ checking whether we are using the GNU C++ compiler... yes checking whether g++ accepts -g... yes checking dependency style of g++... gcc3 checking for a BSD-compatible install... /usr/bin/install -c checking whether make sets ${MAKE}... (cached) yes checking for gzip... gzip checking for OPENSSL_add_all_algorithms_conf in -lcrypto... yes checking for SSL_new in -lssl... yes checking whether OPENSSL_add_all_algorithms_conf is declared... yes checking for OpenSSL >= 0.9.7... yes checking for perl5... no checking for perl... /usr/bin/perl checking for chown... /bin/chown checking Linux kernel version... 2 checking how to run the C preprocessor... gcc -E checking for ANSI C header files... yes checking return type of signal handlers... void checking for sigset... yes checking for int32_t using gcc... yes checking for u_int32_t using gcc... yes checking for u_int16_t using gcc... yes checking for u_int8_t using gcc... yes checking whether time.h and sys/time.h may both be included... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking for memory.h... (cached) yes checking netinet/in.h usability... yes checking netinet/in.h presence... yes checking for netinet/in.h... yes checking socket.h usability... no checking socket.h presence... no checking for socket.h... no checking for netinet/ip6.h... yes checking for socklen_t... yes checking if syslog returns int... no checking if we should declare socket and friends... no checking for working memcmp... yes checking for strftime... yes checking for strerror... yes checking for strsep... yes checking for mallinfo... yes checking for library containing inet_aton... none required checking for ns_initparse in -lresolv... no checking for ns_initparse in resolver... yes checking for tgetnum in -ltermcap... yes checking readline/readline.h usability... yes checking readline/readline.h presence... yes checking for readline/readline.h... yes checking whether byte ordering is bigendian... yes checking for ns_msg... yes checking for res_mkquery... no checking for res_mkquery in -lresolv... yes checking for union semun... no checking for struct sembuf... yes checking for struct sockaddr_in.sin_len... no checking for long long... yes checking size of long long... 8 Using shipped pcap configure: creating ./config.status config.status: creating Makefile config.status: creating src/Makefile config.status: creating doc/Makefile config.status: creating doc/ref-manual/Makefile config.status: creating doc/quick-start/Makefile config.status: creating doc/user-manual/Makefile config.status: creating aux/adtrace/Makefile config.status: creating aux/cf/Makefile config.status: creating aux/hf/Makefile config.status: creating aux/scripts/Makefile config.status: creating aux/bdcat/Makefile config.status: creating aux/rst/Makefile config.status: creating aux/Makefile config.status: creating policy/Makefile config.status: creating policy/sigs/Makefile config.status: creating scripts/Makefile config.status: creating scripts/bro_config config.status: creating scripts/bro.rc config.status: creating scripts/localnetMAC.pl config.status: creating scripts/s2b/Makefile config.status: creating scripts/s2b/bro-include/Makefile config.status: creating scripts/s2b/example_bro_files/Makefile config.status: creating scripts/s2b/etc/Makefile config.status: creating scripts/s2b/bin/Makefile config.status: creating scripts/s2b/pm/Makefile config.status: creating scripts/s2b/snort_rules2.2//Makefile config.status: creating config.h config.status: executing default-1 commands config.status: executing default commands Using install prefix /usr/local/bro Compiling Bro with OpenSSL support: Yes Using perl /usr/bin/perl Using non-blocking main loop: No __________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com

15 years, 7 months

Re: [Bro] question about bro's performance

by Vern Paxson

> 1. I see the introduction in bro overview: Bro targets high-speed > (Gbps). I am surprised and doubt it. These issues are discussed at length in the original Bro paper and also H. Dreger, A. Feldmann, V. Paxson, and R. Sommer, Operational Experiences with High-Volume Network Intrusion Detection, Proc. ACM CCS, October 2004. available at http://www.bro-ids.org/publications.html. > 2. I konw bro supports to define signature in regular expression.I > want to konw how does bro support > regular expressions: by perl or do it yourself. It has its own implementation, which is essentially the same as the one used by the "flex" utility (freeware replacement for lex, which I wrote a long time ago). > 3. Is there realtime alarm function in bro? Yes. This is a basic question that is also answered in the Bro paper, as well as in the documentation available from bro-ids.org. Vern

15 years, 7 months

[Bro] question about bro's performance

by 徐�z

hello : firstly, I am sorry for my english :) . I have some questions on bro: 1. I see the introduction in bro overview: Bro targets high-speed (Gbps). I am surprised and doubt it. bro captures packets through libpcap and BPF filter,but libpcap isn't high performance. that's the reason why zero copying and DMA tech are used in IDS field. bro analyses events by policy scripts.there is a problem that script's performance is lower than binary programs.I didn't test bro's performance , maybe I am wrong. 2. I konw bro supports to define signature in regular expression.I want to konw how does bro support regular expressions: by perl or do it yourself. 3. Is there realtime alarm function in bro? I sometimes want to see the current network status on screen,instead of viewing bro's report file. many many thinks

15 years, 7 months

Re: [Bro] for loop

by Vern Paxson

> This is not the first time that this has come up, but generic looping > has been discouraged in general for performance reasons. Now not so much for performance reasons (though that was the original reason) but to push on users to think about using other language constructs that achieve the same results using more abstracted data structures. The notion is that often there's a way to express what you want to do using sets, tables, or events. Vern

15 years, 7 months

Re: [Bro] new Bro CURRENT release (0.9a10)

by Vern Paxson

> I'm glad to here that new version is out, but > can someone add this to the cvs-repository? This wasn't added because it's not in fact the correct fix but just a workaround. There's logic in Bro's signal handling intended to avoid the reentrancy problem in the first place. Could you please reproduce the problem with 0.9a10 and send me (off-list) a full traceback so I can try to see where that logic is failing? > Do you plan to make cvs-repository available for anyone > (read-only of course ;-)? Probably not any time soon, unless folks want to argue that it would really be helpful. > Or at least do you plan to > make something like hot-fix-patches for last released version? It seems it's indeed time to start doing this. Related to this, I'm making 0.9a10 the basis for a continuing bug-fix-only 0.9 branch. For development, we've switched internally to 1.0 (which already has a lot of changes - stay tuned). Vern

15 years, 7 months

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

zeek September 2005